Upon SSH_OK, callers of `ssh_dh_keypair_set_keys` expect for ownership
of the `priv` and `pub` values to be transferred away and eventually
later managed by way of the `struct dh_ctx` at hand.
The mbedTLS and gcrypt builds transfer ownership of these values in
that way, but the libcrypto `ssh_dh_keypair_set_keys` is copying the
given values with `BN_dup`. This causes a memory leak that can be
seen with pkd and valgrind:
valgrind --leak-check=full \
./pkd_hello -i1 -t torture_pkd_openssh_dsa_rsa_diffie_hellman_group16_sha512
Fix the leak by replacing the `BN_dup` with direct assignment.
Now the bignums will eventually be freed via `ssh_dh_cleanup`.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Ensure to free the `dh_ctx` member in `ssh_dh_cleanup` to match
the allocation in `ssh_dh_init_common`.
The before-and-after of this change can be observed with the pkd
tests and valgrind:
valgrind --leak-check=full \
./pkd_hello -i1 -t torture_pkd_openssh_dsa_rsa_diffie_hellman_group16_sha512
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
